+ debug1("Fixing paths in sshd_config...\n");
+
+ $fileInput = "$setupdir/sshd_config.in";
+ $fileOutput = "$sysconfdir/sshd_config";
+
+ #
+ # verify that we are prepared to work with $fileInput
+ #
+
+ if ( !isReadable($fileInput) )
+ {
+ debug1("Cannot read $fileInput... skipping.\n");
+ return;
+ }
+
+ #
+ # verify that we are prepared to work with $fileOuput
+ #
+
+ if ( !prepareFileWrite($fileOutput) )
+ {
+ return;
+ }
+
+ #
+ # check to see whether we should enable privilege separation
+ #
+
+ if ( userExists("sshd") && ( -d "/var/empty" ) && ( getOwnerID("/var/empty") eq 0 ) )
+ {
+ setPrivilegeSeparation(1);
+ }
+ else
+ {
+ setPrivilegeSeparation(0);
+ }
+
+ if ( getPrivilegeSeparation() )
+ {
+ $privsep_enabled = "yes";
+ }
+ else
+ {
+ $privsep_enabled = "no";
+ }
+
+ #
+ # Grab the current mode/uid/gid for use later
+ #
+
+ $mode = (stat($fileInput))[2];
+ $uid = (stat($fileInput))[4];
+ $gid = (stat($fileInput))[5];
+
+ #
+ # Open the files for reading and writing, and loop over the input's contents
+ #
+
+ $data = readFile($fileInput);
+
+ # #
+ # # alter the PidFile config
+ # #
+ #
+ # $text = "PidFile\t$gpath/var/sshd.pid";
+ # $data =~ s:^[\s|#]*PidFile.*$:$text:gm;
+
+ #
+ # set the sftp directive
+ #
+
+ $text = "Subsystem\tsftp\t$gpath/libexec/sftp-server";
+ $data =~ s:^[\s|#]*Subsystem\s+sftp\s+.*$:$text:gm;
+
+ #
+ # set the privilege separation directive
+ #
+
+ $text = "UsePrivilegeSeparation\t${privsep_enabled}";
+ $data =~ s:^[\s|#]*UsePrivilegeSeparation.*$:$text:gm;
+
+ #
+ # dump the modified output to the config file
+ #
+
+ writeFile($fileOutput, $data);
+
+ #
+ # An attempt to revert the new file back to the original file's
+ # mode/uid/gid
+ #
+
+ chmod($mode, $fileOutput);
+ chown($uid, $gid, $fileOutput);
+
+ return 0;
+}
+
+### setPrivilegeSeparation( $value )
+#
+# set the privilege separation variable to $value
+#
+
+sub setPrivilegeSeparation
+{
+ my($value) = @_;
+
+ $privsep = $value;
+}
+
+### getPrivilegeSeparation( )
+#
+# return the value of the privilege separation variable
+#
+
+sub getPrivilegeSeparation
+{
+ return $privsep;
+}
+
+### prepareFileWrite( $file )
+#
+# test $file to prepare for writing to it.
+#
+
+sub prepareFileWrite
+{
+ my($file) = @_;
+
+ if ( isPresent($file) )
+ {
+ debug1("$file already exists... ");
+
+ if ( isForced() )
+ {
+ if ( isWritable($file) )
+ {
+ debug1("removing.\n");
+ action("rm $file");
+ return 1;
+ }
+ else
+ {
+ debug1("not writable -- skipping.\n");
+ return 0;
+ }
+ }
+ else
+ {
+ debug1("skipping.\n");
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+### copyConfigFiles( )
+#
+# subroutine that copies some extra config files to their proper location in
+# $GLOBUS_LOCATION/etc/ssh.
+#
+
+sub copyConfigFiles
+{
+ #
+ # copy the sshd_config file into the ssh configuration directory and alter
+ # the paths in the file.
+ #
+
+ copySSHDConfigFile();
+
+ #
+ # do straight copies of the ssh_config and moduli files.
+ #
+
+ debug1("Copying ssh_config and moduli to their proper location...\n");
+
+ copyFile("$setupdir/ssh_config", "$sysconfdir/ssh_config");
+ copyFile("$setupdir/moduli", "$sysconfdir/moduli");
+
+ #
+ # copy and alter the SXXsshd script.
+ #
+
+ copySXXScript("$setupdir/SXXsshd.in", "$sbindir/SXXsshd");
+}
+
+### linkFile( $src, $dest )
+#
+# create a symbolic link from $src to $dest.
+#
+
+sub linkFile
+{
+ my($src, $dest) = @_;
+
+ if ( !isPresent($src) )
+ {
+ debug1("$src is not readable... not creating $dest.\n");
+ return;
+ }
+
+ if ( !prepareFileWrite($dest) )
+ {
+ return;
+ }
+
+ action("ln -s $src $dest");
+}
+
+### copyFile( $src, $dest )
+#
+# copy the file pointed to by $src to the location specified by $dest. in the
+# process observe the rules regarding when the '-force' flag was passed to us.
+#
+
+sub copyFile
+{
+ my($src, $dest) = @_;
+
+ if ( !isReadable($src) )
+ {
+ debug1("$src is not readable... not creating $dest.\n");
+ return;
+ }
+
+ if ( !prepareFileWrite($dest) )
+ {
+ return;
+ }
+
+ action("cp $src $dest");
+}
+
+### copySXXScript( $in, $out )
+#
+# parse the input file, substituting in place the value of GLOBUS_LOCATION, and
+# write the result to the output file.
+#
+
+sub copySXXScript
+{
+ my($in, $out) = @_;
+ my($tmpgpath);
+
+ if ( !isReadable($in) )
+ {
+ debug1("$in is not readable... not creating $out.\n");
+ return;
+ }
+
+ if ( !prepareFileWrite($out) )
+ {
+ return;
+ }
+
+ #
+ # clean up any junk in the globus path variable
+ #